
What Is a Simple Service Discovery Protocol (SSDP) DDoS Attack?

What is SSDP used for?

The Simple Service Discovery Protocol (SSDP) was developed by the Universal Plug and Play (UPnP) Forum for networked devices to communicate and discover each other. It enables a device to advertise its services to other devices on the same network. This allows devices to be discovered and configured automatically with little effort from the user. Additionally, SSDP can be used for other purposes such as discovering media servers, controlling home automation systems, managing IP cameras, finding printers and faxes, and locating gaming consoles.

SSDP works by sending out multicast messages across a local area network (LAN). These messages are then received by all of the connected devices on that LAN, which can then respond with their own identification information. This allows the sender device to identify available services offered by the responding device. The communication between these two devices is entirely automatic, allowing users to easily add new devices without manually configuring them.

SSDP also has applications in distributed computing networks since it can provide a way for servers to discover clients on a given LAN. In this case, SSDP provides an efficient means of distributing information among multiple computers to respond effectively to requests made by connected users. Furthermore, some applications use SSDP for service discovery to facilitate communication between different processes running on separate machines over the same LAN.

Overall, SSDP is an important protocol that offers many advantages when it comes to connecting devices across a LAN or distributed computing system. In general, SSDP should not be exposed to the internet. If there is a legitimate reason to expose it, it should be properly maintained and secured against malicious use.
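One way to check the exposure recommendation above on a Linux host, as an added example (not Akamai's code): it reads UDP listener lines and flags SSDP sockets bound to a wildcard or public address. It assumes SSDP's standard UDP port 1900 and input in the five-column layout of `ss -H -uln`; the sample lines and function names are constructed for illustration.

```python
import ipaddress

SSDP_PORT = "1900"  # SSDP's standard UDP port (assumption: not stated on the page)

# Ranges treated as internal here: RFC 1918, loopback, link-local, IPv6 ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample in the layout of `ss -H -uln` (not captured from a real host).
SAMPLE = """\
UNCONN 0 0 0.0.0.0:1900 0.0.0.0:*
UNCONN 0 0 192.168.1.20:1900 0.0.0.0:*
UNCONN 0 0 239.255.255.250:1900 0.0.0.0:*
UNCONN 0 0 203.0.113.7:1900 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 [fe80::1]%eth0:1900 [::]:*
UNCONN 0 0 [::]:1900 [::]:*
"""

def split_local(field):
    """Split a 'Local Address:Port' field into (address, port)."""
    host, _, port = field.rpartition(":")
    # Drop the %interface scope first, then the IPv6 brackets.
    return host.split("%")[0].strip("[]"), port

def classify(host):
    """Return 'wildcard', 'multicast', 'internal' or 'public' for a bind address."""
    if host in ("*", "0.0.0.0", "::"):
        return "wildcard"  # listens on every interface, internet-facing ones included
    addr = ipaddress.ip_address(host)
    if addr.is_multicast:
        return "multicast"  # bound to the discovery group address only
    if any(addr in net for net in INTERNAL_NETS):
        return "internal"
    return "public"

def audit_ssdp_listeners(ss_output):
    """Return (local_field, kind, needs_review) for every UDP/1900 listener."""
    findings = []
    for line in ss_output.strip().splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue  # not a socket line
        host, port = split_local(cols[3])
        if port == SSDP_PORT:
            kind = classify(host)
            findings.append((cols[3], kind, kind in ("wildcard", "public")))
    return findings

if __name__ == "__main__":
    for local, kind, review in audit_ssdp_listeners(SAMPLE):
        print(f"{local:24} {kind:10} {'REVIEW' if review else 'ok'}")
```

A wildcard bind is only a finding when the host has an internet-facing interface and no firewall rule dropping inbound UDP 1900 on it, so confirm flagged entries against the host's filtering rules.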

What is an SSDP DDoS attack?

An SSDP DDoS attack is a type of network attack that uses the Simple Service Discovery Protocol (SSDP) to target vulnerable systems. This protocol was designed to allow devices such as printers, modems, and surveillance cameras to be discovered on a network quickly and easily. However, due to its inherent design flaws, it can be exploited to launch malicious code execution or distributed denial-of-service (DDoS) attacks. An SSDP attack works by sending out a large number of requests known as “discovery messages,” which can overwhelm the target’s system resources and prevent legitimate users from connecting. Most, if not all, of these packets are spoofed, and in some cases, these discovery messages can be used to inject malicious code into the target system.

What are the symptoms of an SSDP DDoS attack?

The primary symptoms of an SSDP DDoS attack are unavailable production services, slower network speeds, and loss of user connectivity. Additionally, customer support resources will often become overwhelmed during an attack, putting increased pressure on security teams to identify the issue and resolve it. Finally, many victims of SSDP attacks will experience error messages when attempting to connect to online resources like websites or corporate VPN services.

Prevent SSDP and DDoS attacks with Akamai

Akamai offers end-to-end DDoS protection that acts as a first line of defense, providing dedicated edge, distributed DNS, and cloud mitigation strategies designed to prevent collateral damage and single points of failure. Our purpose-built DDoS clouds offer dedicated scrubbing capacity and higher quality of mitigation, which can be fine-tuned to the specific requirements of web applications or internet-based services.

One of the most effective ways to stop SSDP and other DDoS attacks is with Akamai Prolexic, a battle-tested cloud scrubbing service that protects entire data centers and internet-facing infrastructure from DDoS attacks across all ports and protocols. With Akamai Prolexic, your security teams can:

  • Reduce risk of DDoS attacks, thanks to proactive mitigation controls and Prolexic’s zero-second SLA
  • Stop highly complex SSDP DDoS attacks without sacrificing quality of mitigation
  • Unify security postures by consistently applying DDoS mitigation policies throughout your organization, regardless of where applications are hosted
  • Optimize incident response to ensure business continuity with service validation exercises, custom runbooks, and operational readiness drills
  • Scale security resources with our fully managed solution that is backed by 225+ frontline SOCC responders

What is a DoS or DDoS attack?

A DoS attack, or denial-of-service attack, is designed to render a website, router, server, or network unavailable to legitimate users. A DoS attack is launched from a single computer, while a distributed denial-of-service (DDoS) attack uses a botnet or distributed network of IPv4 or IPv6 addresses — a robot network of hijacked computers, machines, or IoT devices — to attack a target from multiple locations.


Why customers choose Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away.
